Survey suggests cybersecurity teams are overconfident


Despite an ongoing rash of high-profile data breaches, the confidence IT security leaders have in their ability to defend their organizations remains surprisingly high. A survey of 473 IT security decision-makers conducted by the market research firm Sapio on behalf of IronNet, a provider of tools for discovering malware on networks, finds 92% express confidence in their current security technology stack despite the fact that nearly half of respondents cited a rise in cyber incidents in the past 12 months.

Much of that confidence appears to stem from improvements to the security posture of their organizations that 90% of respondents have made in the last two years. In addition, nearly three-quarters (72%) said they have also increased information sharing with industry peers during the same time period.

The issue that every cybersecurity professional is wrestling with lately is to what degree the recent spate of attacks represents simple misfortune for organizations that failed to properly secure their IT environments versus a shift in strategy on the part of cybercriminals. There’s no doubt cybercriminals have increased the volume of attacks by leveraging automation. The question is whether they are also now specifically targeting high-value targets that might be forced to ransom their data for millions of dollars or if they are simply getting lucky. After all, if the volume of attacks increases, it stands to reason that breaches affecting organizations that have a lot to lose will also increase. Only once the cybercriminals start to investigate the scope of that breach do they start to appreciate the scope of the opportunity being afforded.

Of course, all the security in the world can’t account for the actions of an end user. It’s safe to assume that at least 5% of employees are prone to make a mistake that could lead to a major security breach. Savvy cybersecurity teams have contingency plans in place to limit the blast radius of any security breach. Those that don’t are putting their faith in technology platforms that may not, for example, be able to account for an end user downloading a PDF file loaded with malware onto a home machine that is connected via a wireless network to a host of corporate applications. In the absence of a true zero-trust IT environment, almost any unexpected thing can happen.

Cybersecurity teams need to honestly assess the cybersecurity posture of their organizations. Time, money and effort are no guarantor of success. Any cybersecurity professional who has participated in a blue team versus red team training exercise knows how creative cybercriminal activity might get. Fortunately, most cybercriminals appear to prefer the path of least resistance. What’s not clear at the moment is whether cybercriminals have confronted a level of resistance that is forcing them to alter their tactics in a way cybersecurity teams are not prepared to confront. Assuming the enemy will continue to rely on their previously known tactics has been shown time and again to be the surest way to lose a battle. Pride always goes before the inevitable fall, so even if cybercriminals are just getting luckier, cybersecurity professionals should assume something more sinister is afoot.
